[Owasp-modsecurity-core-rule-set] Need Inputs for Validating Multilingual Charset

Suraj Sharma ssharma4 at sapient.com
Wed Apr 2 11:26:25 UTC 2014


Thanks Ryan. After adding t:utf8toUnicode,t:urlDecodeUni its working.

-----Original Message-----
From: Ryan Barnett [mailto:RBarnett at trustwave.com] 
Sent: Tuesday, April 01, 2014 7:09 PM
To: Suraj Sharma; owasp-modsecurity-core-rule-set at lists.owasp.org
Subject: Re: [Owasp-modsecurity-core-rule-set] Need Inputs for Validating Multilingual Charset

The two main configuration items you need to use are -

SecUnicodeMapFile directives -
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecUnicodeM
apFile.  This will set your language code point for use by t:urlDecodeUni.
Use t:utf8toUnicode,t:urlDecodeUni to map multi-byte characters into the
proper Unicode points.

See these references -
http://blog.spiderlabs.com/2011/06/modsecurity-advanced-topic-of-the-week-u
nicode-mapping-support.html

http://blog.spiderlabs.com/2012/08/waf-normalization-and-i18n.html



Ryan Barnett
Lead Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>




On 4/1/14 9:07 AM, "Suraj Sharma" <ssharma4 at sapient.com> wrote:

>Hi,
>Need your help in creating rules for supporting multilingual character
>set. Our current site is supported for English characters only , we would
>like validate all the other language data as well but disallow characters
>like ;"/< etc. Is it possible to build a generic rule to support all the
>native language character set ?
>
>Thanks
>~Suraj
>
>_______________________________________________
>Owasp-modsecurity-core-rule-set mailing list
>Owasp-modsecurity-core-rule-set at lists.owasp.org
>https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>


________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.



More information about the Owasp-modsecurity-core-rule-set mailing list